Bug 66003 - net-misc/proxytunnel: username/password handled insecurely
Summary: net-misc/proxytunnel: username/password handled insecurely
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All
OS: All
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/12685/
Whiteboard: C4 [ebuild] lewk
 
Reported: 2004-10-01 03:01 UTC by Matthias Geerdsen (RETIRED)
Modified: 2011-10-30 22:38 UTC
Description Matthias Geerdsen (RETIRED) gentoo-dev 2004-10-01 03:01:44 UTC
http://secunia.com/advisories/12685/

Secunia Advisory: SA12685
Software:	proxytunnel 1.x

Description:
A security issue has been reported in proxytunnel, which can be exploited by malicious, local users to gain knowledge of sensitive information.

The problem is that the username and password for the proxy are passed insecurely.

Solution:
The issue has been fixed in version 1.2.0.
http://sourceforge.net/project/showfiles.php?group_id=39840
___________________________________________________

from the CHANGES file
(http://cvs.sourceforge.net/viewcvs.py/proxytunnel/proxytunnel/CHANGES?rev=1.16&view=auto)
- Added patch by Fred Donck <fd0 at donck dot com> to store proxy username
  and password in environment variables.

  Security fix
  ------------

  - Modified cmdline.c to allow passing of proxyuser and proxypass as
    environment variables to prevent other users on same machine from
    snooping sensitive info.
    -U for env var that contains the proxy user
    -S for env var that contains the proxy user's password

______________________________________________________________________

package only has ~x86

vapier, since you committed this ebuild, could you please bump it
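The CHANGES excerpt above describes the fix only in one line: take the names of two environment variables on the command line (-U / -S) and read the credentials from them, so the values never appear in argv. The following is an added illustration of that pattern written for this page; it is not proxytunnel's cmdline.c. The -U and -S option letters follow the CHANGES entry, but the variable names PT_USER / PT_PASS, the CRED_MAX limit, the refusal of an insecure -P form and the /proc/self/cmdline self-check are assumptions of this example. Credentials in the demo are constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for setenv() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical limit for this example; not a proxytunnel constant. */
#define CRED_MAX 128

typedef struct {
    char user[CRED_MAX];
    char pass[CRED_MAX];
} proxy_creds;

/* Copy the value of environment variable `name` into buf.
 * Returns 1 on success, 0 if the variable is unset, empty or too long. */
int cred_from_env(const char *name, char *buf, size_t buflen)
{
    const char *val = getenv(name);
    if (val == NULL || *val == '\0')
        return 0;
    size_t len = strlen(val);
    if (len >= buflen)
        return 0;
    memcpy(buf, val, len + 1);
    return 1;
}

/* Parse "-U VARNAME -S VARNAME" from argv into creds.
 * Only the variable *names* travel on the command line; the values are
 * fetched with getenv() and never appear in /proc/PID/cmdline.
 * Returns 0 on success, -1 if a variable is missing or unset, and -2 if the
 * caller used an old-style "-P user:pass" form, which this example refuses
 * (a design choice of this example, not of proxytunnel 1.2.0). */
int parse_creds(int argc, char **argv, proxy_creds *c)
{
    const char *uvar = NULL, *svar = NULL;

    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-P") == 0)
            return -2;
        if (strcmp(argv[i], "-U") == 0 && i + 1 < argc)
            uvar = argv[++i];
        else if (strcmp(argv[i], "-S") == 0 && i + 1 < argc)
            svar = argv[++i];
    }
    if (uvar == NULL || svar == NULL)
        return -1;
    if (!cred_from_env(uvar, c->user, sizeof c->user))
        return -1;
    if (!cred_from_env(svar, c->pass, sizeof c->pass)) {
        memset(c->user, 0, sizeof c->user);
        return -1;
    }
    return 0;
}

/* What `ps` and every other local user can read: this process's argv as
 * exposed by /proc/self/cmdline (Linux only, world-readable). NUL
 * separators are turned into spaces before searching for `secret`.
 * Returns 1 if the secret is visible, 0 if not, -1 if /proc is unavailable. */
int secret_in_cmdline(const char *secret)
{
    FILE *f = fopen("/proc/self/cmdline", "rb");
    if (f == NULL)
        return -1;
    char buf[4096];
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    for (size_t i = 0; i < n; i++)
        if (buf[i] == '\0')
            buf[i] = ' ';
    buf[n] = '\0';
    return strstr(buf, secret) != NULL ? 1 : 0;
}

/* Stand-alone demo with constructed credentials, placed in the environment
 * the way a shell would after `export PT_USER=... PT_PASS=...`. */
int main(void)
{
    setenv("PT_USER", "alice", 1);
    setenv("PT_PASS", "s3cret-example", 1);
    char *argv[] = { "proxytunnel", "-U", "PT_USER", "-S", "PT_PASS", NULL };
    proxy_creds c;

    if (parse_creds(5, argv, &c) != 0) {
        fprintf(stderr, "credential lookup failed\n");
        return 1;
    }
    printf("user=%s (password read, %zu bytes, not shown)\n",
           c.user, strlen(c.pass));
    printf("password visible in /proc/self/cmdline: %d\n",
           secret_in_cmdline(c.pass));
    return 0;
}
```

The point of the check: `/proc/PID/cmdline` is readable by every local user (it is what `ps` shows), while `/proc/PID/environ` is mode 0400, so only the owner and root can read it. The move to environment variables is an improvement, not a cure: the value is still inherited by every child process, still readable by root and by any process running as the same uid, still lands in core dumps, and `export PT_PASS=...` typed at an interactive shell goes into the shell history. Mounting /proc with `hidepid=2` additionally hides other users' cmdline entries, but that is a system-wide setting, not something the program controls.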
Comment 1 SpanKY gentoo-dev 2004-10-01 05:38:27 UTC
version bumped in cvs

previous version was ~x86, new version is x86
Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2004-10-01 12:57:32 UTC
Closing without GLSA, since this was ~arch masked before and rated C4.